US entertainment industry to Congress: make it legal for us to deploy rootkits, spyware, ransomware and trojans to attack pirates!

The hilariously named "Commission on the Theft of American Intellectual Property" has finally released its report, an 84-page tome that's pretty bonkers. But amidst all that crazy, there's a bit that stands out as particularly insane: a proposal to legalize the use of malware in order to punish people believed to be copying illegally. The report proposes that software would be loaded on computers that would somehow figure out if you were a pirate, and if you were, it would lock your computer up and take all your files hostage until you call the police and confess your crime. This is the mechanism that crooks use when they deploy ransomware.

It's just more evidence that copyright enforcers' network strategies are indistinguishable from those used by dictators and criminals. In 2011, the MPAA told Congress that they wanted SOPA and knew it would work because it was the same tactic used by governments in "China, Iran, the UAE, Armenia, Ethiopia, Saudi Arabia, Yemen, Bahrain, Burma, Syria, Turkmenistan, Uzbekistan, and Vietnam." Now they've demanded that Congress legalize an extortion tool invented by organized criminals.

Additionally, software can be written that will allow only authorized users to open files containing valuable information. If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized user’s computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account. Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved.

It gets better:

While not currently permitted under U.S. law, there are increasing calls
for creating a more permissive environment for active network defense that allows companies not
only to stabilize a situation but to take further steps, including actively retrieving stolen information,
altering it within the intruder’s networks, or even destroying the information within an unauthorized
network. Additional measures go further, including photographing the hacker using his own system’s
camera, implanting malware in the hacker’s network, or even physically disabling or destroying the
hacker’s own computer or network.

Indeed. but creating, via legal process, the ability to take control of another’s computer or devices just shows how Hollywood and the LA County area have a problem with power and control.

Normally, a legitimate company or industry would attempt to solve business issues of settlement of rights and royalties for artistic work. However, it seems there are few business solutions, but plenty of solutions which use methods of power and control of other things to solve a problem.

This is a crazy idea. Going to congress, to ask for backdoors into others computers and information is a definite sign that the business solutions offered by the companies in entertainment aren’t working, or sales expectations aren’t being met.

I’m real curious to see if Sony Pictures Entertainment splits from Sony Corp. Sony tried to innovate multiple platforms, but even BluRay, to a point, has failed to gain industry acceptance. Separating content from delivery will allow Sony to pursue actual platform solutions outside of those offered by Sony.

Thing is a backdoor to your computer, is what they’d ask for today. When that doesn’t work, they’ll want to control your treadmill or fridge. Maybe turn the power off to your home. Who knows, but today, you can get an 80-inch 4k resolution TV for the cost of going to the theater about 100 times. Whomever figures out how to distribute 4K video will likely develop an industry standard. This is more useful than going to congress and asking to place backdoors and viruses on everyone’s computer system.

Wheres the logic? Two wrongs dont make a right, i learned that when i was 3. Using iligal processes to combat illegal processes is ridicules.
The fact they even submitted that to congress should be a big red flag to everyone in congress that hollywood is insane.

no the entertainment industry need to be taken back from the filthy rat faced k!kes who own and run it , those people will not stop trying to control everything and everyone till they are all placed back in the ovens

The problem is that they want to legalize these processes. In your US, i think locking someone into your house and nit letting him out is illegal. Still, police nay do that, when they have evidence that you commited a crime. This paper wants the congress to allow concerns the use of malware, if they have evidence that you have broken copyright. The big problem i see about thisis that the mechanisms could be abused for personal uses, or even for corruption. Imagine a rich dumbass going to such a concern and saying: “You get 500,000$ if you delete all the files on my hated ex-wifes computer with your legal malware.

more like typical k!ke logic, hollywood is owned and run by filthy hook nose parasites, just like all the rest of the media and much of the internet ,so is the record industry MPAA and RIAA , with jews you lose

That doesn’t even parse. Are they talking about somebody remotely hacking into a file, because I don’t quite get the context where the text makes even remotely sense? (Blunt attacks? Stabilize a cyber incident???)

Anyway, “destroying the hacker’s own computer or network”… yea, that would be a fun way to find out that somebody is downloading stuff at work. Wasn’t there a lot of downloads logged from the White House? I suggest they should be the first ones to field test this proposal.

But hey, can’t fault them from trying. It’s the ones who are actually legislating stuff like this who should be faulted.

That helps with that flaw :-P
Remember, you’re talking a well funded attacker here, not a bunch of script kiddies. The main advantage Linux has over Windows here is the heterogeneity. They’re not going to be able to do something simply, but they have the resources to spend.

That sentence makes perfect sense if you take AND NOT to mean WITHOUT instead of INSTEAD OF. Both are valid interpretations of the words, however, only one makes sense and it wasn’t the one you picked.

The DMCA makes it illegal to traffic in software that can give you access to content you own legally for legal purposes.

That’s not enough. They now want to be able to hack and destroy your machine on suspicion of you having performed copyright violation. Which would include accessing content you legally own through an unapproved mechanism, given the DMCA.

Things need to move in the opposite direction from this. Sadly, given how Congress is funded nowadays, it’s going to be a tough fight to stop this kind of thing again.

I’d say let them try. It will change absolutely nothing. Foreign IP thieves will find a way around it quickly. Rippers will find a way around it just as quickly. Then bugs will kill off computers of several innocent people. Then all of it gets buried in outside of court settlements until these lunatics come up with a new retarded idea.

The report really isn’t about Americans stealing movies and music (although the recommended measures could be used by the entertainment industry to cut down on copyright theft): it’s about China’s industrial espionage. If they want to significantly cut down on the amount of IP theft, they could simply stop manufacturing everything in China. I think the crazy part is thinking that if they change the rules, it will suddenly halt all the IP thefts. What they want is for China to suddenly start paying what they can get for free, or more cheaply, and that will never happen, because the influx of all those US dollars is what helps fuel the efforts to steal the IP in the first place. China is poor compared to the West, rule of law there is a matter of how much, and the government and industry are actively colluding to steal IP.

There would be an avalanche of lawsuits the moment they got the wrong person (see Sony rootkit debacle). The entertainment industry is understandably cautious about employing any mechanisms that would require significantly legal capital to defend themselves. I think the report is primarily about making it legal for corporations to essentially engage in ‘cyber’ warfare with IP-stealing entities in China, which I’m pretty sure wouldn’t work.

The issue isn’t the one or two paragraphs devoted to the “entertainment industry”. The issue is the entire article above is blindly written to make the reader think the RIAA & MPAA are behind this when blissful correctly points out this has 99.5% to do with trade secrets and patents (legal definitions which do not apply to songs and movies).

well, considering sony already deployed a rootkit to do pretty close to what’s proposed and nobody got prosecuted while Aaron Swartz was branded a thief who demanded the full resources of the DOJ are we supposed to treat this as a serious question? (sorry, not trying to flame you personally but we all know the answer – not just being pessimistic, there’s clear precedent…)

Corey, man, I love you and all, but this isn’t the MPAA. The Commission on the Theft of American Intellectual Property is made up of: {Dennis C. Blair (co-chair), former Director of National Intelligence and Commander in Chief of the U.S. Pacific Command; Jon M. Huntsman, Jr. (co-chair), former Ambassador to China, Governor of the State of Utah, and Deputy U.S. Trade Representative; Craig R. Barrett, former Chairman and CEO of Intel Corporation; Slade Gorton, former U.S. Senator from the State of Washington, Washington Attorney General, and member of the 9-11 Commission; William J. Lynn III, CEO of DRS Technologies and former Deputy Secretary of Defense; Deborah Wince-Smith, President and CEO of the Council on Competitiveness; Michael K. Young, President of the University of Washington and former Deputy Under Secretary of State}

It would appear that these people are far more concerned with international disregard for patents in manufacturing and innovation. Yes, what is proposed here could be used by the MPAA to further enact societal harm, but ignoring the distinction between this commission and the MPAA does a disservice to the nuances of these issues.

It doesn’t make any sense for this to be used to protect patents. A patent doesn’t cover a particular implementation, so it wouldn’t stop patent infringement. The patents themselves are a matter of the public record, so patent infringement is completely useless unless they install a rootkit on anybody visiting any patent database.

“Such measures do not violate existing laws on the use of the Internet”

I’m too lazy/hungover to cite chapter and verse but I’m pretty sure that statement is incorrect vis-à-vis distributing malware designed to disable the recipient’s computer, particularly given the explicit presumption of guilt/liability.

Maybe the rightsmongers think that as one of the most hated industries in the country, they have nothing to lose?

If so, they’re wrong.

Forget about the massive wave of lawsuits from innocent people who would undoubtedly be damaged by a half-assed and poorly-thought-out scheme like this. They should be concerned for their financial (and possibly physical) safety. They’re escalating a war with people who are *better at it* than they are. That’s not smart, and it will certainly end in tears.

I have a large collection of DVDs bought over many years. It covers films and TV and includes DVDs from pretty much all the major studios. I also go to the cinema to see good films (so far this year I have seen Die Hard, Star Trek, Iron Man and Oblivion with a whole bunch more to see later in the year when they come out). I WANT to acquire content legally but with the studios continuing to push for crap like its its getting harder and harder to justify paying money to those scumbags.

At a time of record profits the entertainment industry seeks to buy this into law. Such a draconian attitude, is the next step putting cameras in our home so they can be sure only the person that purchased the DVD is watching the DVD?

I would be totally in favor of that. Which means, we’d all have to start watching our DVDs when we’re butt naked. Including regular mooning at the camera at the start of the movie and at the end. I wonder who’d submit first.

Puh, citating without context…
Your second citation from the text.:the writers do share your opinion if you just continue reading
Your first citation: obviously the software has to be accessed actively by the intruder bypassing actively the intruded network’s security system so it is his risk. But a good hacker wouldn’t mind and the governmental ones even not at all.
And of course malicious someones will distribute the files around the internet just to blame innocent users.
Of course it looks useful to preinstall such software on networks (like universities) just to blame the user when he tries to access or open protected files. But here again these files can be distributed to innocent users being then blamed by red alarms so that in the end this measure just proves useless and annoying.

So in the end companies have just to think more seriously about which documents they let be accessed to and how they do password protect access and file, because the red alarm won’t work in China :-)
But as long managers travel with their Apple phones and macsomethings through chinese border controls one does’t have to bother about security measures.

But this here in this blog is just cheap polemics and won’t serve this Mr.Doctorows reputation.

Well I understand tha the anglosaxons are fearing to lose their adavance in technology to the Asians, and they are right in doing so.
So there are two countermeasures, first to protect their ip, second to open access to ip. The second step would be necessary if they are yet behind other countries and that’s what Doctorow is aware of. The anglosaxons will need the same disrespect to ip which made them big in the 19th century because they were too silly to protect their lead in trhe last years. And the asians are better in stealing than the USA. We europeans know our partners.
So Doctorow is just helping to keep producing US-industry alive as he does in internet technology with his open internet, free access to keep big US-concerns like google in front.
So to do this this US-industry-spokesman disrespects the work of little people in Europe.

So that would be nogging, but my first post is a clear explanation in where this boingboing-blog is erroring.

This subsection applies if the person intends by doing the act—
(a)to impair the operation of any computer;
(b)to prevent or hinder access to any program or data held in any computer;
(c)to impair the operation of any such program or the reliability of any such data; or
(d)to enable any of the things mentioned in paragraphs (a) to (c) above to be done.

Such malware could be detected and stopped by foreign anti-virus companies. Companies like Kapersky or Avast, which are located outside the United States could deploy measures to stop such malware. Kapersky, in Russia, and Avast,. in tehe Czech Republic, are not subject to US laws, and could alter their anti virus programs as such.

So would I be right in saying they wish to install software on your computer that will lock down your computer if you play music or a film you haven’t paid them to permit you to play on that PC? How is this going to work? I rip the MP3 file off a CD and put it onto a mix CD… my PC will lock as it’s not on the authorised CD?

How do you track it? I upload a CD to the cloud and my PC gets locked?

The common man gets locked out of his PC that he may very well only have one of which all his work is on? You are then preventing him from carrying out his work. I understand him downloading your film means you lost money. but you then making him loose money is the exact same thing… when did 2 wrongs make a right?

Maybe if they started making DECENT things again people would pay for them. I see no reason to purchase the latest Shia-le boof movie where he plays a shy young man who is looking for a purpose and there is this overly hot girl…. blah blah… It’s crap… thats why they are hunting pirates… no-one wants the crap they are putting out.

I’m trying to figure out how they would try to do that. Put the malware on the DVD? Because putting it into the OS will do only one thing: people will move to a different OS, in untold masses.

And if it’s on the DVD the folks who do the ripping and copying will find a way around it. They have defeated all other DRM so far, they will defeat this one.

What this tells me is that I will never again buy any Hollywood DVDs or blu-rays. Okay, I don’t buy their blu-rays anyway, because they are responsible for software players not being able to take screenshots of blu-ray movies (because Hollyweird feared it would be used to rip movies, one look at pirating sites shows it had zero effect, showing again that these people have absolutely no clue about the technology they whine about.)

“Such measures do not violate existing laws on the use of the Internet”

Yes, yes they do. Actually, it’s the invasion and installation of software on an end-user’s computer that violates several laws. Doing so ‘over the Internet’ at the least would violate several FTC rulings.

It won’t make people report their crimes. All the have to do is repartition/reformat and reinstall. Just like other malware. If you have your important data backed up, it means nothing. All the pirates have to do is re-download the movies, music, etc…

MPAA, I have 5 words for you. “Computer Fraud and Abuse Act” A few excerpts, if I may: ” The CFAA defines a ‘Protected Computer’ under 18 U.S.C. § 1030(e)(2) to mean a computer…..which is used in or affecting interstate or foreign commerce or
communication, including a computer located outside the United States
that is used in a manner that affects interstate or foreign commerce or
communication of the United States.” [[This provision arguably makes any computer connected to the Internet, given the widespread use of Internet Commerce protected under the CFAA]]

“Whoever knowingly causes the transmission of a program, information, code, or
command, and as a result of such conduct, intentionally causes damage
without authorization, to a protected computer…having been found guilty, shall face a fine under this title or imprisonment for not more than ten years.” [[This assumes the person that was accused of pirating said content actually was doing so. If they hadn’t been (False Positive) then this behavior could fall arguably under recklessness, which has another set of penalties. Of course, we’re assuming this is a Personal Computer, and not some workstation in a Hospital or some other place where these machines are vitally needed.]]Either way, the MPAA is going to shoot themselves in the foot with this one, legit pirates or not.

It’ll be even funnier once they find out that the anti-terrorism laws in some countries can be applied to deliberate attacks on someone else’s computers as well. Try recovering from the PR you get once country XY can legally label your company as a terrorist organization and treat it accordingly.

Wow this is the most convincing evidence yet of just how important it is that regular people (who don’t own millions of $ in copyright assets) get heavily involved in petitioning legislators for changes in copyright law. Anyone outraged by this, please consider following the CopyrightX community proposal at StackExchange at http://goo.gl/5YDHa and posting 5 Example Questions there.

These are batshit suggestions, but – and forgive me if I’m missing something – isn’t this report more focused on scientific innovations / hardware rather than entertainment? The commissioners listed at the end of the report seem to be drawn from the worlds of politics, law and technology rather than the MPAA/RIAA. Music gets a single paragraph in the 84-page report.

I’m struggling to see how this particular report represents the “Entertainment industry” demanding rootkits and spyware, compared to some of the previous examples of copyright overreach from the music and film worlds.

Not posting this aggressively or with an agenda, I’m just struggling to see the entertainment industry pulling the levers in this particular case.

Dear hackers and crackers, if the scum BIG business and scum BIG government again work in cahoots against the common folks please invade and destroy ever BIG corporate computer of every firm involved with placing malevolent code into an innocent person’s computer.

It is time to destroy the corporate structure, the new King lording over us mere serfs, and make corporations work FOR people, not force us to obey.

Fight for freedom, folks… before the monolithic business entities and those entities servant BIG government, controls us entirely.

well, this isent gona end well, it may work on the usa, but what happens when it hit a non usa country? their laws dont aply in another country, it wont take more than a few days to get a lots of lawsuits from all over the world, from people,(inocent or not) who got problem becouse an american law that dosen aply to them

After repeatedly telling a child not to do something because there going to hurt themselves, Its just better to let them learn the hard way. Personally I say let the MPAA have at it. There only going to piss of the wrong bunch and then its thermonuclear warfare on the cyber front. The MPAA’s insane proposal will only result in massive profit loss at an unprecedented level.

Once they have there right arm savagely torn off and devoured they will be so filled with fear that they will instinctually avoid the lions den At Least for awhile until the new generation of MPAA smartys fill the ranks and decided that history is nothing more than mere fairy tale.

I tell you what Hollywood, you TRY and pull this bullshit and I will as a geek turn into a one man OS installer and wipe every machine I come across for free and ENSURE your rootkit is gone after I do so.

I have been looking for a cause to champion, thanks for helping me find one!

so basically they are starting a digital war that they will not win…. every major hacker will have a field day destroying anything connected to hollywood….. it would get so bad the gov would probably shut down the entire west coast internet just to contain the damage they would cause

I quit buying new music/movies a LONG time ago. I buy only used from places like Goodwill and garage sales (they haven’t made THAT illegal yet.) They haven’t seen a cent from me in YEARS and won’t if this nonsense goes into effect. I picked up about 50 CDs on Sunday for $2 each. Good stuff too. About half had never been opened. Take that you RIAA/MPAA nazis.

Btw, the community will deliver workarounds after max. 1 week.
Blizzard were right when they called DRM a “fight that can’t be won”. I think they should just think about how to nake the people buy their stuff even though it is available online. Because even worlds richest concerns cannot permanently win against the swarm. (i don’t mean the zerg swarm but the hacker swarm)

people just need to stop giving their money to jews and patronizing their businesses ,boycott the jews, all hymiewood puts out is shit these days anyways, every other movie these hook nose parasites make is about their fucking holocaust anyways, just more propaganda to guilt the goyim so they can extort more guilt and respiration sheckles from them ,or some shit movie glorifying the jewnited states military to get you to go enlist go over to the mid east and fight for that pilfered pile of shit they call country over there ,you dont give them money to watch their movies, you kick them in the ass and say get the fuck out of the country

Look, I completely believe this, but is there references anywhere? Im in a heated argument with people who think Im crazy and Im trying to find a reliable source to show them.. Please get at me on trutherlair.tumblr.com thanks

Will damages from an improperly disabled or destroyed system be calculated on the same bizarre logic that RIAA / MPAA calculates copyright losses? You know, the one where someone found sharing a $20 CD is sued for $50,000 per track. If they were found in court to have inappropriately “destroyed” my $150 secondhand netbook I reckon I should be awarded about $56,000,000.

Additionally, the delightfully sick irony is that an IP “protection” lobby group is desiring legally permissible flagrant violation, theft and/or destruction of individual users’ IP, privacy and/or owned goods in order to ‘protect’ their IP…

Additionally – ironic that an IP organisation refers to ‘stolen’ information… when it was settled decades ago that on a legal basis that IP right infringement was fundamentally different to infringing ownership rights i.e. theft… that’s why separate copyright law exists. IP Law day 1, copying != theft.